hxxp://8m6rx8[.]czzqscpwfddnr[.]com

Analysis

max time kernel
155s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
07-12-2023 23:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://8m6rx8.czzqscpwfddnr.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2264	msedge.exe
2264	msedge.exe
2168	msedge.exe
2168	msedge.exe
4824	identity_helper.exe
4824	identity_helper.exe
5444	msedge.exe
5444	msedge.exe
5444	msedge.exe
5444	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

msedge.exe

pid	process
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2168 wrote to memory of 3432	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 3432	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4808	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 2264	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 2264	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4644	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4644	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4644	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4644	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4644	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4644	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4644	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4644	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4644	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4644	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4644	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4644	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4644	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4644	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4644	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4644	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4644	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4644	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4644	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4644	2168	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://8m6rx8.czzqscpwfddnr.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd1e2546f8,0x7ffd1e254708,0x7ffd1e254718
2⤵
PID:3432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,3944659651126715952,12108504014172912348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,3944659651126715952,12108504014172912348,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
2⤵
PID:4808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,3944659651126715952,12108504014172912348,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
2⤵
PID:4644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3944659651126715952,12108504014172912348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
2⤵
PID:228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3944659651126715952,12108504014172912348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
2⤵
PID:1316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3944659651126715952,12108504014172912348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
2⤵
PID:1952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3944659651126715952,12108504014172912348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
2⤵
PID:1864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3944659651126715952,12108504014172912348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
2⤵
PID:1532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3944659651126715952,12108504014172912348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
2⤵
PID:1812

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,3944659651126715952,12108504014172912348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
2⤵
PID:3528

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,3944659651126715952,12108504014172912348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3944659651126715952,12108504014172912348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
2⤵
PID:3744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3944659651126715952,12108504014172912348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
2⤵
PID:3540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3944659651126715952,12108504014172912348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
2⤵
PID:724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3944659651126715952,12108504014172912348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
2⤵
PID:4704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3944659651126715952,12108504014172912348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
2⤵
PID:1864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3944659651126715952,12108504014172912348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2804 /prefetch:1
2⤵
PID:2480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3944659651126715952,12108504014172912348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
2⤵
PID:5932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3944659651126715952,12108504014172912348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
2⤵
PID:6096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3944659651126715952,12108504014172912348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
2⤵
PID:5232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,3944659651126715952,12108504014172912348,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1344 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5328

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ef2ab50a3d368243b8203ac219278a5d

SHA1
2d154d63c4371354ff607656a4d94bc3734658a9

SHA256
2e2faf2873e0b8d58788da8603acdd772642a396fff661c4e32f8a581362cbdf

SHA512
4533997bf4070f99306337b8ff553691d4cf1d1b53401628524ad4dc9d29bd0536a3f2df4ecdd0a8afa81b7f917f40524c9a1898b566ee499a358abc5c84b27a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
53KB

MD5
38ebca22fcdef2676323f62d33760db8

SHA1
437af61574dec2383e222b6ccd8c91c749b8f94d

SHA256
e3e35241f0f9499d160210c7b1b911999adfb8d91c7ecda69f049d4aecfe9f9e

SHA512
661b2ddc3be2f7d65a77b80606860d1a95b0a0f69a3a7d33a36d9a251d3ed7ededb06a912e01f9587f0414a97dc3e326e8657eea079394da26e155d3df2ffae4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
30KB

MD5
41e2df579e72738961c19f52bdb1f923

SHA1
574666e3c43952471c49505f3b5142cd70f5f766

SHA256
f9761b451840099f5780e512509c8b762d60e7cac36186d398c13b3e004922d1

SHA512
d9d3262abdc198d887d12b2a8b0192a378edd292120abef15c445ad34a0f8f2aec8f0c5e03d7286fd5f8389b06a7e664b52574c6dfa46189b13b9e87d3a3f13e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
Filesize
60KB

MD5
f23abc2303e8efb08b76c38e3a63764a

SHA1
529c61a864b3e8da086d9295cf6d82b19514a93c

SHA256
b869d5e2118a2208f192e14d385d4e7c083c0176fbaab5878275f50bf791ec74

SHA512
1f9d1f597f386d98a51d2e5ed1150a4e8c351329d010139d92722cfe41f1f4e7475c52fe3d2ac8a5425830596980445443e2f679c1b7904846790c8c85bf80e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
Filesize
32KB

MD5
057478083c1d55ea0c2182b24f6dd72f

SHA1
caf557cd276a76992084efc4c8857b66791a6b7f

SHA256
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

SHA512
98ff4416db333e5a5a8f8f299c393dd1a50f574a2c1c601a0724a8ea7fb652f6ec0ba2267390327185ebea55f5c5049ab486d88b4c5fc1585a6a975238507a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
Filesize
32KB

MD5
3a2c5435969f7222c4984ce8122cfed3

SHA1
37723c39f2499e2803a45658154a9f3b5e4abd95

SHA256
c74e25d5b1fd8b1fc24abdc3862059b0c7122a52d71e054eb90482efab259a23

SHA512
010f570e1d564c9adfd85bcd9e325143c4e27bb65ddc38108d783ff9fb61b4ef84a240ffc4b342806c1273fd251fb6e7a915fd1b101f58327f43e62c7b2638b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
Filesize
19KB

MD5
aa5465dac1accff7293da8812fea7d6e

SHA1
21387ac6bc798530aeb6282584b4fad93698877b

SHA256
6dff4268dffde2dde7a59eb06fd22878aeec6f222662c5b7f7bc0bdbb84d4006

SHA512
2b90a547bcdf7d2f6d9f21203296f4e942c53081631296c8455fba7899799d296253e2cf0d2c4bc8b21f863151aa402d476350ec5dcaa9c6745ffa4f4f824fbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
Filesize
38KB

MD5
3faec8de20b95a08c8670d551605be8b

SHA1
1c968359bebb06c13e75e64d2cf96c4697d06608

SHA256
50fd063b0aa7a00beb2edaceaa0e3929695529166a615dd99885e67e613994d5

SHA512
6011a7916eb7953e3af2569c7b2f49ae4fd8bee524a27198169682da582c4b8ed37c4a689fa72ec743199fca2d828ecd4011d2732855ed767c1c8772bc389365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
f22093c9b6f24e665e87c555cc900f69

SHA1
013e1e7191d2e5e3372ee8989b62b479940ca093

SHA256
fe5f8fa859af4892612ffe2d7e71323f9d83542deb85455be9977082843f34e1

SHA512
df56573b986537e80d53937fc47dff214c37b810b79293b9c3aa25c19a48cf3ce89742b69d53b7a7229c66c3bde7d2bbaabf4b4b6a209850d1be1e69e4a1d6b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
8383b6f49dfb211ebcea9cf36799175b

SHA1
c3ed96e3fd7c0d778a19ae1f9075af6c73131be1

SHA256
d2d504ca3c31027e8ae3b9acf47e69e3cbbb78a1d4d3512a2d5121b750c950da

SHA512
cafb7604bf883070b4d2e14a2446fd716f121f8313b3625d435048713e51d8db98865ef8819abee346355288bb4c28a717665031e26d4bab58025480ae27471c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
36078f3a4b2da20841b4cd4e4c93eb6a

SHA1
23b63598a8c9927a997050a5a0ce90542e4354a6

SHA256
06fbaa769a6521eb1dcf25502cf4024a801ca37f14003567474095bd1d14964f

SHA512
5bbde651d7bfe2ce376027fa87f439162a08f7718adceec320b82748f00a382b7a6b40e9fa41abda198a585b9ffdc9897f108238585ac259f632a23200ebfc0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
5KB

MD5
482ae55f69fcb29bcebed4b70ec0af12

SHA1
c1aecf1a135b50fdb42d4b09363f376a846d0ead

SHA256
1733b6e73ff64c67924837aba3623e033347108ea64c13b54014c976882b36d1

SHA512
7c67699e7d43a6769933fdcebc7f27fbee196709d6dee27f435c67a51c0281646adf3ebeb14d9810210a552faf8928f92aa0a00e1bb6bf1b900ade805c08e5c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
537dee467aaf0e108e142b554273a25c

SHA1
6268855040746dbfdcdcfc0b987a51f360d53528

SHA256
eccf81048b386ecbd9581204bae09f4a18699ba92c3bd9d351cbd069816e4ea5

SHA512
442bfa53e10861127f95be83450f90e1a63c2cc00b2b074f8c37661cf5fa5923923b46d98e469c00d4f65a04bc484a51a3994aaeaa4419caa4486f6f53e00393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
fa67ecd1c4acb0c5bf991ee1bbb92a83

SHA1
321eeb8df6c6ca754355afa7b475e154a65ae8d0

SHA256
2c2d20cc25e01aab4468a9136ea7bc51134ef82314f8c60d0d05cbfaab2f7b78

SHA512
93d3087b8257bcf50c55049a21cb31e2712f069842cfc2e3fa56c8d961a81c44c9967397b68659307bcd293566e36041be087fdd8f5ca034e02ec54a304dee94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
4125013368b4046487ea0b4ad6cf618a

SHA1
0b90991e7a64a4a6ae859e2be1230843d7c61905

SHA256
e7e62f6918c46390073ca9cbd46911a15663b1da23543ddafc4082c3baf9247f

SHA512
c4fdedf7e3cc3ea99256d7b8507fbc13206a95f4d8f6414d14887fc906d7579da628eaad42c2a3992bf5f4fad9460afa1e98420e54874971fc75644e06bc016c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
a91eba9114747d08a1fb35185d7b5189

SHA1
9d64921edea2ad13ede7879c7ce78d0346c7f94e

SHA256
251aa97d7e3678b3c6e858e98c80147a79ab7d4f425964e33e9149b863074e5c

SHA512
e351da1623572c00cb5c75f0b2cb6028e8fc3e3ebf45b93358e391d203e65aad01205c776956b239381933e86db00b85f87696caf5c699fe1e9d5fe94ea63378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c3d923af59545fe4ae2a88c2d8379bdb

SHA1
2e63576eb894934240d1d15919e84da6d08e02fe

SHA256
5e2995643617600f4d078b2180fdafc3fb8cf42d77190ed1b81123f5ae97d297

SHA512
fcd713fe667310c04ecc5c644612818c43ff4475db69746bf0faaf8fa12c0c2094e98574d61ed761dda30f5457998416edeb31c7b4f4f1d295dc1978bec045c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
1bfcf8092b03dd13c63d32424cd48af3

SHA1
253bb0c2da312182a4b0e2454140f4004fc2787a

SHA256
b99317d692697e123d9964f36e4ad082dfb2a78fd0935c464a56c6cb81f5acbc

SHA512
5684d8e4ce5532aac2fe903397d1ebe27fd9a7dbefbdfca471f8586d96557c9fb19aa31957bd5416abd33bebf8d310a7c8e6f62b6d01639788c20be8439bd329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
bf38e67347aea6d520cda5fde321a1e5

SHA1
0e7a8def4c923201d76b41dfa9918bb1052827ea

SHA256
0f0744f36e30e64949c41835aa5666f25c1ab4f3636d9247b8350fd8ad4f8025

SHA512
f62478dd4e38c6bef2bfc24f46caa03840613711e2b6fda2aad707df5cbd33b25af4fc3954521e203b981c4a10e5c8fd2520cabc16cdad858eed819b45a6f366

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
01c2cc059ebb3b22bc74b2f398b5d1f3

SHA1
7c12cbc7263cc44abbff261358107025d909f534

SHA256
ef20c839070e01f8784f903f3e6701fc524dc6185a3f79c21bf239580d1f9796

SHA512
b2a617991612f44fb8bf8795f54574ab8bbf228c983e58b0fded0384cf6d63cefe821ab819dbc7cdbdb03995e75b829f5f635ffcbc2f6216ab67481055e11441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
6bff78737c0ac2f72199bc5db8f2ab51

SHA1
682f56c408fda269f96ce98cff540d5c0396c376

SHA256
0374180f5ed9bd7e6695bbfe09bb44cc11a2790d42caf7355e16d5335600af57

SHA512
274c412b52eca59bc9cb3112ca1e591ec79d438cd9aac5be4a55ca43da325cb32fb75f42ef58263f922f707eb0bee0a7cd00f8f6bc05406ed6c52f5633203ec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58dd5b.TMP
Filesize
204B

MD5
76dbc4cbb8f6fb3c149f7d1321c7da5a

SHA1
2c66636f94da10510fb6cbd9021b4653f7a4e5d4

SHA256
eab07facd1afa42d2adfdb6607d6e1d11666b1c4b6d671a7053b45b152c85df8

SHA512
978f589d8e1d9d15bcae8329cd34954ce5599b16d9f36663997ac3b1a2f8d32ceeab2326c0cdcc00ea1f685a7f55a18ee39cf7e9bb7a36163bf18c0bafcde40a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
4ddd28b2ee67528de4e38f60ee8d7ca8

SHA1
8315fb2fbbb7c7286bdc461db0250b1cded49740

SHA256
cbb5827c39b3cf96fb508835ac9b6a00bf611418b3e92daad08d78a08aefa92c

SHA512
676481b8350b901027d10f20be1678163a162e07fcb00a3595a0cf5a84108afc16823d41786fb5cba5757d41c4dec826b5b5449827550aa51c18ff599c303279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
5287e37a23fd53b09a79672a39331f51

SHA1
c0aebd10fa6fe6cf5549d43815b10daf46a08e89

SHA256
6b8ff15dfdda359b7779be8ee887f8906f65db2f13a4580ebf1db071eca38bbe

SHA512
b94d69210fcbae57d3d21e38ac814459304573036264d1adc147943ad655703be28574265cd6537d6a41beb1e25ef151bdd9a10e954b724d242d775db6a692aa

Download Submit
\??\pipe\LOCAL\crashpad_2168_LKXZZFRUOODHJMXK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit